Help with creation of script to set user's home drive as read only with delete

Fellow PowerShell users

I was asked to put together a script to set an ACL (access control list) on a Home drive. Created a .csv file as a source with the user to change which it retrieves from the username.csv file.

What I need to do is to set it to “read only with delete rights”. Below is what I’ve put together so far…

#Script to set User's H drive to Read & delete only.
Import-Module 'ActiveDirectory'
import-csv H:\username.csv | foreach-object{
    $homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
    $ACL = Get-Acl $homeDrive
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Delete", "ContainerInherit,ObjectInherit", "none", "allow")))
    Write-Output $homeDrive
    Write-Output $ACL
    pause
    Set-Acl $homeDrive $ACL
}

Seems like it will do one or the other but not both. Any help would be appreciated.

RS

You can use Read and Delete as an array @('Read','Delete')

New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, @('Read','Delete'), "ContainerInherit,ObjectInherit", "none", "allow")

Thank you. I will test this.

Also, how do I output all results to a txt file? Is this even possible? Still learning PS. :slight_smile:

If you’re seeing the results you want at the console during the execution, you can just pipe the output to Out-File.

#Script to set User's H drive to Read & delete only.
Import-Module 'ActiveDirectory'
import-csv H:\username.csv | foreach-object{
    $homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
    $ACL = Get-Acl $homeDrive
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Delete", "ContainerInherit,ObjectInherit", "none", "allow")))
    Write-Output $homeDrive
    Write-Output $ACL
    pause
    Set-Acl $homeDrive $ACL
} | Out-File -Path C:\outputFolder\Output.txt

kvprasoon

Thanks for your tip. Can I ask why the following line is with a @( ?

@('Read','Delete')

Makes it an array of strings.

With the output command you mentioned, I get the following error.

Out-File : A parameter cannot be found that matches parameter name 'Path'.
At H:\Onedrive project\Hdrive_ReadDeleteonly.ps1:11 char:14
+ } | Out-File -Path H:\results.txt
+ CategoryInfo : InvalidArgument: (:) [Out-File], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.OutFileCommand

Should I be using a different path command?

 

Should be -FilePath. Out-File (Microsoft.PowerShell.Utility) - PowerShell | Microsoft Docs

I thank everyone who contributed their suggestions but now I need one more thing to set in the script.

Apparently the script worked perfectly, but now I need to ensure that “traverse folder” access is granted so that their H drive doesn’t disappear and show access denied. :slight_smile:

What is the line to give traversal folder access with read only and delete only?

Any help is greatly appreciated.
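
An added example, not posted by anyone in this thread, covering both questions above: `SetAccessRule` replaces the identity's existing explicit allow rule, so two calls leave only the last right, and `Traverse` is a `FileSystemRights` value (the same bit as `ExecuteFile`) that can go into the same rule as `Read` and `Delete`. It assumes PowerShell 5 or later; the function names are hypothetical and the demo runs against in-memory ACLs for the current user.

```powershell
# Added example, not the thread's script. Function names are hypothetical.
function New-HomeRule {
    param([string]$Identity, [System.Security.AccessControl.FileSystemRights]$Rights)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    [System.Security.AccessControl.FileSystemAccessRule]::new($Identity, $Rights, $inherit, 'None', 'Allow')
}

function Get-ExplicitRights {
    param($Acl, [string]$Identity)
    # OR together the explicit (non-inherited) allow rights held by $Identity.
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate([System.Security.Principal.SecurityIdentifier]).Value
    $mask = 0
    foreach ($ace in $Acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.IdentityReference.Value -eq $sid -and $ace.AccessControlType -eq 'Allow') {
            $mask = $mask -bor [int]$ace.FileSystemRights
        }
    }
    $mask
}

function Set-ReadTraverseDelete {
    param([string]$Path, [string]$Identity)
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRule((New-HomeRule $Identity 'Read, Traverse, Delete'))
    Set-Acl -LiteralPath $Path -AclObject $acl
    # SetAccessRule leaves inherited ACEs alone; return them for review, since
    # an inherited Modify or FullControl entry would still allow writes.
    (Get-Acl -LiteralPath $Path).Access | Where-Object { $_.IsInherited }
}

# Demo on in-memory ACLs for the current user (constructed; nothing on disk changes).
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

$twoCalls = New-Object System.Security.AccessControl.DirectorySecurity
$twoCalls.SetAccessRule((New-HomeRule $me 'Read'))    # replaced by the next call
$twoCalls.SetAccessRule((New-HomeRule $me 'Delete'))

$oneRule = New-Object System.Security.AccessControl.DirectorySecurity
$oneRule.SetAccessRule((New-HomeRule $me 'Read, Traverse, Delete'))

foreach ($right in 'ReadData', 'Traverse', 'Delete', 'WriteData') {
    $bit = [int][System.Security.AccessControl.FileSystemRights]$right
    [pscustomobject]@{
        Right        = $right
        TwoSetCalls  = [bool]((Get-ExplicitRights $twoCalls $me) -band $bit)
        CombinedRule = [bool]((Get-ExplicitRights $oneRule $me) -band $bit)
    }
}
```

`Set-ReadTraverseDelete` is defined but not called by the demo; in the thread's loop it would take the place of the two `setAccessRule` lines and `Set-Acl`, with `$homeDrive` and `$_.name` as its arguments.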